What is CVE-2021-45010?

CVE-2021-45010 is a vulnerability in N/a. Published 2022-03-15.

Is CVE-2021-45010 known to be exploited?

15 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2021-45010

A path traversal vulnerability in the file upload functionality in tinyfilemanager.php in Tiny File Manager before 2.4.7 allows remote attackers (with valid user accounts) to upload malicious PHP files to the webroot, leading to code execu…

EPSS: 0.810 (99.2th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

References

github.com/prasathmani/tinyfilemanager/pull/636 (x_refsource_MISC)
github.com/prasathmani/tinyfilemanager/commit/2046bbde72ed76af0cfdcae082de629bc… (x_refsource_MISC)
febin0x4e4a.wordpress.com/2022/01/23/tiny-file-manager-authenticated-rce/ (x_refsource_MISC)
github.com/febinrev/tinyfilemanager-2.4.3-exploit/raw/main/exploit.sh (x_refsource_MISC)
sploitus.com/exploit (x_refsource_MISC)
raw.githubusercontent.com/febinrev/tinyfilemanager-2.4.6-exploit/main/exploit.sh (x_refsource_MISC)
github.com/prasathmani/tinyfilemanager/pull/636/files/a93fc321a3c89fdb9bee860bf… (x_refsource_MISC)
packetstormsecurity.com/files/166330/Tiny-File-Manager-2.4.6-Shell-Upload.html (x_refsource_MISC)

Frequently asked questions

What is CVE-2021-45010?: CVE-2021-45010 is a vulnerability in N/a. Published 2022-03-15.
Is CVE-2021-45010 known to be exploited?: 15 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.